I like this analysis. I’d add in a ‘mindfulness’ statement so that organisations are aware of the threats before they attempt risk management…:
- Cybersecurity is a key risk that S&P Global Ratings embeds, as relevant, in its overall assessment of an entity’s creditworthiness.
- The increasing frequency of attacks and the potential for rapid deterioration in credit profiles after an attack are risk factors that are relevant for our rating assessments now.
- Leadership, communication, and external transparency are key to limiting the damage caused by a cyber attack. From a credit perspective, we believe that these factors are the most important in limiting potential rating changes post attack.
- Although it is crucial to learn from previous attacks and strengthen cyber risk frameworks in real time, the appropriate detection and remediation of attacks takes precedence as the nature of threats will continue to evolve.
- As attacks become more prevalent, entities that handle them well will ensure a better outcome, in terms of both protecting profitability streams as well as their reputation with customers.